Course contents *

The main activity of the course is a project where students independently attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. Tools for network and vulnerability scanning, platforms for exploit development, command and control, passwork creacking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.

Intended learning outcomes *

Ethical hackers are contracted for practical assessment of computer network security. Furthermore, for an effective defense against cyber attacks, a deep understanding of attackers' available range of action is required. After completed course, the student should therefore be able to

• perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning,
• identify vulnerabilities in network equipment and applications,
• customize exploits for software vulnerabilities,
• deploy and execute exploits on vulnerable systems,
• install and use remote access trojans for remote system control,
• dentify password files and extract passwords,
• exfiltrate data,
• implement solutions to strengthen the information security of computer networks.
• describe and discuss fundamental ethical dilemmas of information security

Course Disposition

No information inserted

Specific prerequisites *

• Basic skills in programming (for example DD1315 Programming Techniques and Matlab, D1316 Programming Techniques and C, DD1337 Programming, ID1018 Programming I or equivalent)
• English B/English 6 (or equivalent)

Recommended prerequisites

• Communiation networks (for example EP1100 Data communicatin and computer networks)
• Operating systems (for example ID1206 Operating sysstems)

Equipment

No information inserted

Literature

Course literature will be posted on the home page of the course at the latest four weeks before the start of the course.

If the course is discontinued, students may request to be examined during the following two academic years.

Grading scale *

A, B, C, D, E, FX, F

Examination *

• INL1 - Assignment, 0.5 credits, Grading scale: A, B, C, D, E, FX, F
• PROA - Project, 7.0 credits, Grading scale: A, B, C, D, E, FX, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

The final grade is equal to the grade of the project.

Other requirements for final grade *

Each part of the examination must be passed.

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted

Examiner

Pontus Johnson

Ethical approach *

• All members of a group are responsible for the group's work.
• In any assessment, every student shall honestly disclose any help received and sources used.
• In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Course web

Further information about the course can be found on the Course web at the link below. Information on the Course web will later be moved to this site.

Offered by

EECS/Computer Science

Main field of study *

Computer Science and Engineering, Electrical Engineering

Education cycle *

Second cycle

Add-on studies

No information inserted

Contact

Pontus Johnson

Supplementary information

In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex.